Commit graph

114 commits

Author SHA1 Message Date
Richard Levitte
13ac37d01a Make it possible to load keys from stdin, and restore that
functionality in the programs that had that before.
Part fo PR 164
2002-08-01 16:27:47 +00:00
Richard Levitte
8d37f07e09 If the email address is moved from the subject to the subject alternate name,
the subject in the certificate would differ from the subject in the index file,
which has quite bad concequences.
PR: 180
2002-07-31 14:06:09 +00:00
Bodo Möller
13793a0ddf Fix bug introduced with revision 1.95 when this filed was modified to
use the new X509_CRL_set_issuer_name() function:
The CRL issuer should be X509_get_subject_name(x509), not
X509_get_issuer_name(x509).

Submitted by: Juergen Lesny <lesnyj@informatik.tu-muenchen.de>

typo
2002-07-18 11:19:05 +00:00
Richard Levitte
6d454e6ab2 Unixware doesn't have strings.h, so we need to declare strcasecmp()
differently.
Unixware 2 needs to link with libresolv.
PR: 148
2002-07-18 07:47:49 +00:00
Dr. Stephen Henson
7448f5e5ed Reorganise -subj option code, fix buffer overrun. 2002-05-19 16:32:21 +00:00
Lutz Jänicke
fb0f53b2e0 Fix escaping when using the -subj option of "openssl req", document
'hidden' -nameopt support. (Robert Joop <joop@fokus.gmd.de>)
Submitted by:
Reviewed by:
PR: #2
2002-04-30 12:10:10 +00:00
Dr. Stephen Henson
25f350a058 Fix the Win32_rename() function so it correctly
returns an error code. Use the same code in Win9X
and NT.

Fix some ca.c options so they work under Win32:
unlink/rename wont work under Win32 unless the file
is closed.
2002-03-08 19:06:36 +00:00
Richard Levitte
421d474332 Increase internal security when using strncpy, by making sure the resulting string is NUL-terminated 2002-02-28 12:44:05 +00:00
Dr. Stephen Henson
0cd8572b2d Config code updates.
CONF_modules_unload() now calls CONF_modules_finish()
automatically.

Default use of section openssl_conf moved to
CONF_modules_load()

Load config file in several openssl utilities.

Most utilities now load modules from the config file,
though in a few (such as version) this isn't done
because it couldn't be used for anything.

In the case of ca and req the config file used is
the same as the utility itself: that is the -config
command line option can be used to specify an
alternative file.
2002-02-22 13:58:15 +00:00
Richard Levitte
fb67f40f04 Add the configuration target VxWorks. 2002-02-14 16:23:55 +00:00
Dr. Stephen Henson
6229a5607c Fix email address delete code. 2001-11-06 01:44:21 +00:00
Dr. Stephen Henson
9b55da73ca Another noemailDN fix. 2001-10-27 17:53:06 +00:00
Dr. Stephen Henson
e7156ff2e8 Allow ca to certify requests containing BMPStrings and UTF8Strings. 2001-10-27 17:04:47 +00:00
Dr. Stephen Henson
437db75b94 Bugfixes for noemailDN option. Make it use the
correct name (instead of NULL) if nomailDN is
not set, fix memory leaks and retain DN structure
when deleting emailAddress.
2001-10-27 17:03:20 +00:00
Bodo Möller
89da653fa6 Add '-noemailDN' option to 'openssl ca'. This prevents inclusion of
the e-mail address in the DN (i.e., it will go into a certificate
extension only).  The new configuration file option 'email_in_dn = no'
has the same effect.

Submitted by: Massimiliano Pala madwolf@openca.org
2001-10-25 08:25:19 +00:00
Geoff Thorpe
1372965e2e Reduce the header dependencies on engine.h in apps/. 2001-09-12 02:39:06 +00:00
Dr. Stephen Henson
b65f851318 Make -passin -passout etc work again.
Fix leak in ca.c when using -passin.
2001-08-17 01:09:54 +00:00
Dr. Stephen Henson
35bf35411c Add CRL utility functions to allow CRLs to be
built up without accessing structures directly.

Update ca.c to use new functions.

Fix ca.c so it now build CRLs correctly again.
2001-08-17 00:33:43 +00:00
Dr. Stephen Henson
ee306a1332 Initial OCSP server support, using index.txt format.
This can process internal requests or behave like a
mini responder.

Todo: documentation, update usage info.
2001-07-12 20:41:51 +00:00
Dr. Stephen Henson
b7a26e6daf Modify apps to use NCONF code instead of old CONF code.
Add new extension functions which work with NCONF.

Tidy up extension config routines and remove redundant code.

Fix NCONF_get_number().

Todo: more testing of apps to see they still work...
2001-06-28 11:41:50 +00:00
Richard Levitte
ce16450a89 Make better use of load_cert, load_certs and load_key. 2001-06-27 09:12:43 +00:00
Richard Levitte
531d630b5c Provide an application-common setup function for engines and use it
everywhere.
2001-06-18 06:22:33 +00:00
Richard Levitte
30b4c2724e Extend all the loading functions to take an engine pointer, a pass
string (some engines may have certificates protected by a PIN!) and
a description to put into error messages.

Also, have our own password callback that we can send both a password
and some prompt info to.  The default password callback in EVP assumes
that the passed parameter is a password, which isn't always the right
thing, and the ENGINE code (at least the nCipher one) makes other
assumptions...

Also, in spite of having the functions to load keys, some utilities
did the loading all by themselves...  That's changed too.
2001-05-30 15:29:28 +00:00
Richard Levitte
98405f240b VMS doesn't support more than on period in a file name 2001-05-22 12:47:38 +00:00
Dr. Stephen Henson
791bd0cd2b Add copy_extensions option to 'ca' utility. 2001-03-16 02:04:17 +00:00
Dr. Stephen Henson
535d79da63 Overhaul the display of certificate details in
the 'ca' utility. This can now be extensively
customised in the configuration file and handles
multibyte strings and extensions properly.

This is required when extensions copying from
certificate requests is supported: the user
must be able to view the extensions before
allowing a certificate to be issued.
2001-03-15 19:13:40 +00:00
Bodo Möller
bad4058574 New option '-subj arg' for 'openssl req' and 'openssl ca'. This
sets the subject name for a new request or supersedes the
subject name in a given request.

Add options '-batch' and '-verbose' to 'openssl req'.

Submitted by: Massimiliano Pala <madwolf@hackmasters.net>
Reviewed by: Bodo Moeller
2001-03-05 11:09:43 +00:00
Richard Levitte
19f2192136 Windows does not know of strigs.h or strcasecmp, so when in Windows,
make strcasecmp a macro to _stricmp.
2001-02-22 14:21:06 +00:00
Richard Levitte
14565bedaf Some functions, like strdup() and strcasecmp(), are defined in
strings.h according to X/Open.
2001-02-20 19:05:59 +00:00
Richard Levitte
bc36ee6227 Use new-style system-id macros everywhere possible. I hope I haven't
missed any.

This compiles and runs on Linux, and external applications have no
problems with it.  The definite test will be to build this on VMS.
2001-02-20 08:13:47 +00:00
Richard Levitte
cf1b7d9664 Make all configuration macros available for application by making
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.

I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
2001-02-19 16:06:34 +00:00
Dr. Stephen Henson
acba75c59d New -set_serial options to 'req' and 'x509'.
Remove the old broken bio read of serial numbers in the 'ca' index
file. This would choke if a revoked certificate was specified with
a negative serial number.

Fix typo in uid.c
2001-02-19 13:38:32 +00:00
Dr. Stephen Henson
a6b7ffddac New options to 'ca' utility to support CRL entry extensions.
Add revelant new X509V3 extensions.

Add OIDs.

Fix ASN1 memory leak code to pop info if external allocation used.
2001-02-16 01:35:44 +00:00
Dr. Stephen Henson
ccb08f98ae Fix CRL printing to correctly show when there are no revoked certificates.
Make ca.c correctly initialize the revocation date.

Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string() set the
string type: so they can initialize ASN1_TIME structures properly.
2001-02-10 00:56:45 +00:00
Ulf Möller
4327aae816 format strings 2001-02-06 02:57:35 +00:00
Dr. Stephen Henson
90f63e8f83 Don't shadow. 2001-01-18 01:36:54 +00:00
Bodo Möller
dfebac32c0 New '-extfile' option for 'openssl ca'.
This allows keeping extensions in a separate configuration file.

Submitted by: Massimiliano Pala <madwolf@comune.modena.it>
2001-01-15 11:35:24 +00:00
Dr. Stephen Henson
8e5b6314ef Fix warning in apps/ca.c 2001-01-14 13:58:49 +00:00
Bodo Möller
c67cdb50d2 New 'openssl ca -status <serial>' and 'openssl ca -updatedb'
commands.

Submitted by: Massimiliano Pala <madwolf@comune.modena.it>
2001-01-12 14:50:44 +00:00
Bodo Möller
2c0d10123e If CONF_get_string returns NULL and we want to tolerate this
(e.g., use a default), we have to call ERR_clear_error().
2000-12-15 16:59:49 +00:00
Dr. Stephen Henson
9d6b1ce644 Merge from the ASN1 branch of new ASN1 code
to main trunk.

Lets see if the makes it to openssl-cvs :-)
2000-12-08 19:09:35 +00:00
Ben Laurie
b0dc680f71 Fix warnings. 2000-12-03 10:04:22 +00:00
Geoff Thorpe
35a99b6380 Use the new LHASH macros to declare type-safe wrapper functions that can
be used as the hash/compare callbacks without function pointer casting.

For now, this is just happening in the apps/ directory whilst a few people
check the approach. The rest of the library will be moved across to the
same idea if there's no problems with this.
2000-12-02 23:16:54 +00:00
Geoff Thorpe
385d81380c First step in tidying up the LHASH code. The callback prototypes (and
casts) used in the lhash code are about as horrible and evil as they can
be. For starters, the callback prototypes contain empty parameter lists.
Yuck.

This first change defines clearer prototypes - including "typedef"'d
function pointer types to use as "hash" and "compare" callbacks, as well as
the callbacks passed to the lh_doall and lh_doall_arg iteration functions.
Now at least more explicit (and clear) casting is required in all of the
dependant code - and that should be included in this commit.

The next step will be to hunt down and obliterate some of the function
pointer casting being used when it's not necessary - a particularly evil
variant exists in the implementation of lh_doall.
2000-12-01 20:31:52 +00:00
Richard Levitte
32d862ede4 Add the possibility to use keys handled by engines in more
applications.
2000-10-28 22:40:40 +00:00
Richard Levitte
5270e7025e Merge the engine branch into the main trunk. All conflicts resolved.
At the same time, add VMS support for Rijndael.
2000-10-26 21:07:28 +00:00
Richard Levitte
645749ef98 On VMS, stdout may very well lead to a file that is written to in a
record-oriented fashion.  That means that every write() will write a
separate record, which will be read separately by the programs trying
to read from it.  This can be very confusing.

The solution is to put a BIO filter in the way that will buffer text
until a linefeed is reached, and then write everything a line at a
time, so every record written will be an actual line, not chunks of
lines and not (usually doesn't happen, but I've seen it once) several
lines in one record.  Voila, BIO_f_linebuffer() is born.

Since we're so close to release time, I'm making this VMS-only for
now, just to make sure no code is needlessly broken by this.  After
the release, this BIO method will be enabled on all other platforms as
well.
2000-09-20 13:55:50 +00:00
Dr. Stephen Henson
bd08a2bd0c Add 'rsautl' low level RSA utility.
Add DER public key routines.

Add -passin argument to 'ca' utility.

Document sign and verify options to dgst.
2000-09-03 23:13:48 +00:00
Richard Levitte
431b0cce7d Move add_oid_section to apps.c, so it can be shared by several
applications.  Also, have it and the certificate and key loading
functions take a BIO argument for error output.
2000-06-22 22:07:27 +00:00
Richard Levitte
26a3a48d65 There have been a number of complaints from a number of sources that names
like Malloc, Realloc and especially Free conflict with already existing names
on some operating systems or other packages.  That is reason enough to change
the names of the OpenSSL memory allocation macros to something that has a
better chance of being unique, like prepending them with OPENSSL_.

This change includes all the name changes needed throughout all C files.
2000-06-01 22:19:21 +00:00